diff options
author | Erich Eckner <git@eckner.net> | 2019-09-02 10:57:31 +0200 |
---|---|---|
committer | Erich Eckner <git@eckner.net> | 2019-09-02 12:03:10 +0200 |
commit | dfbcea79b227d150e2f5a35f9172f4f12d025fc2 (patch) | |
tree | ad00fe538d8acbc311839d2d1bb101ec4b835349 /etc/ca.conf | |
parent | 1528df30f0084924b3ab49c0083438479ecb7838 (diff) | |
download | simple-pki-dfbcea79b227d150e2f5a35f9172f4f12d025fc2.tar.xz |
shorter lifetime for certs
Diffstat (limited to 'etc/ca.conf')
-rw-r--r-- | etc/ca.conf | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/etc/ca.conf b/etc/ca.conf index 0b768e0..74c4065 100644 --- a/etc/ca.conf +++ b/etc/ca.conf @@ -46,7 +46,7 @@ serial = $dir/ca/$ca/db/$ca.crt.srl # Serial number file crlnumber = $dir/ca/$ca/db/$ca.crl.srl # CRL number file database = $dir/ca/$ca/db/$ca.db # Index file unique_subject = no # Require unique subject -default_days = 3652 # How long to certify for +default_days = 365 # How long to certify for default_md = sha1 # MD to use policy = match_pol # Default naming policy email_in_dn = no # Add email to cert DN @@ -55,7 +55,7 @@ name_opt = ca_default # Subject DN display options cert_opt = ca_default # Certificate display options copy_extensions = none # Copy extensions from CSR x509_extensions = signing_ca_ext # Default cert extensions -default_crl_days = 365 # How long before next CRL +default_crl_days = 30 # How long before next CRL crl_extensions = crl_ext # CRL extensions [ signing_ca ] @@ -66,7 +66,7 @@ serial = $dir/ca/$ca/db/$ca.crt.srl # Serial number file crlnumber = $dir/ca/$ca/db/$ca.crl.srl # CRL number file database = $dir/ca/$ca/db/$ca.db # Index file unique_subject = no # Require unique subject -default_days = 730 # How long to certify for +default_days = 90 # How long to certify for default_md = sha1 # MD to use policy = match_pol # Default naming policy email_in_dn = no # Add email to cert DN |